Dave Richer
@@ -1,5 +1,7 @@
|
||||
/**
|
||||
* Checks if the event secret is correct
|
||||
* It adds the following properties to the request object:
|
||||
* - req.isEventAuthorized - Returns true if the event secret is correct
|
||||
* @param req
|
||||
* @param res
|
||||
* @param next
|
||||
@@ -9,6 +11,7 @@ function eventAuthorizationMiddleware(req, res, next) {
|
||||
return res.status(401).send("Unauthorized");
|
||||
}
|
||||
|
||||
req.isEventAuthorized = true;
|
||||
next();
|
||||
}
|
||||
|
||||
|
||||
@@ -1,6 +1,15 @@
|
||||
const logger = require("../utils/logger");
|
||||
const adminEmail = require("../utils/adminEmail");
|
||||
|
||||
/**
|
||||
* Validate admin middleware
|
||||
* It adds the following properties to the request object:
|
||||
* - req.isAdmin - returns true if the user passed an admin check
|
||||
* @param req
|
||||
* @param res
|
||||
* @param next
|
||||
* @returns {*}
|
||||
*/
|
||||
const validateAdminMiddleware = (req, res, next) => {
|
||||
if (!adminEmail.includes(req.user.email) && !req.user.ioadmin) {
|
||||
logger.log("admin-validation-failed", "ERROR", req.user.email, null, {
|
||||
@@ -9,6 +18,8 @@ const validateAdminMiddleware = (req, res, next) => {
|
||||
});
|
||||
return res.sendStatus(404);
|
||||
}
|
||||
|
||||
req.isAdmin = true;
|
||||
next();
|
||||
};
|
||||
|
||||
|
||||
@@ -1,15 +1,26 @@
|
||||
const logger = require("../utils/logger");
|
||||
const admin = require("firebase-admin");
|
||||
|
||||
/**
|
||||
* Middleware to validate Firebase ID Tokens.
|
||||
* This middleware is used to protect API endpoints from unauthorized access.
|
||||
* It adds the following properties to the request object:
|
||||
* - req.user - the decoded Firebase ID Token
|
||||
* @param req
|
||||
* @param res
|
||||
* @param next
|
||||
* @returns {Promise<void>}
|
||||
*/
|
||||
const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
|
||||
if (
|
||||
(!req.headers.authorization ||
|
||||
(
|
||||
!req.headers.authorization ||
|
||||
!req.headers.authorization.startsWith("Bearer ")) &&
|
||||
!(req.cookies && req.cookies.__session)
|
||||
!(req.cookies && req.cookies.__session
|
||||
)
|
||||
) {
|
||||
console.error("Unauthorized attempt. No authorization provided.");
|
||||
res.status(403).send("Unauthorized");
|
||||
return;
|
||||
return res.status(403).send("Unauthorized");
|
||||
}
|
||||
|
||||
let idToken;
|
||||
@@ -32,8 +43,8 @@ const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
|
||||
req,
|
||||
type: "no-cookie",
|
||||
});
|
||||
res.status(403).send("Unauthorized");
|
||||
return;
|
||||
|
||||
return res.status(403).send("Unauthorized");
|
||||
}
|
||||
|
||||
try {
|
||||
@@ -51,8 +62,7 @@ const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
|
||||
...error,
|
||||
});
|
||||
|
||||
res.status(401).send("Unauthorized");
|
||||
|
||||
return res.status(401).send("Unauthorized");
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user